Awesome
Mashape OAuth
OAuth Modules for Node.js - Supporting RSA, HMAC, PLAINTEXT, 2-Legged, 3-Legged, 1.0a, Echo, XAuth, and 2.0
OAuth Bible
If you're looking for the popular OAuth Bible, here it is. It extensively explains the multitude of OAuth flows and how OAuth works.
Installation
npm install mashape-oauth
Features
- Handles binary responses
- Handles gzipped responses
- Supports having an empty oauth_token for 1.0a
- Supports Plaintext, HMAC-SHA1, and RSA encryption for 1.0a
- Object based parameter system and supports chaining
- Code has been refactored to be more performant in loops, whiles, and callback structures.
- Intuitive method naming, small footprint, and tested against test suites as well as hundreds of APIs.
Usage
Require the library and the one you wish to use.
Using OAuth (1.x, XAuth, Echo):
var OAuth = require('mashape-oauth').OAuth;
var oa = new OAuth({ /* … options … */ }, callback);
options
Object
OAuth request optionsecho
Object
Optional If it exists we treat the request as OAuth Echo request. See TwitterverifyCredentials
String
What is the credentials URI to delegate against?
realm
String
Optional Access Authentication Framework Realm Value, Commonly used in Echo Requests, allowed in all however: Section 3.5.1requestUrl
String
Request Token URL. Section 6.1accessUrl
String
Access Token URL. Section 6.2callback
String
URL the Service Provider will use to redirect User back to Consumer after obtaining User Authorization has been completed. Section 6.2.1consumerKey
String
The Consumer KeyconsumerSecret
String
The Consumer Secretversion
String
Optional By spec this is1.0
by default. Section 6.3.1signatureMethod
String
Type of signature to generate, must be one of:PLAINTEXT
RSA-SHA1
HMAC-SHA1
nonceLength
Number
Optional Length of nonce string. Default32
headers
Object
Optional Headers to be sent along with request, by default these are already set.clientOptions
Object
Optional ContainsrequestTokenHttpMethod
andaccessTokenHttpMethod
value.parameterSeperator
String
Optional Seperator for OAuth header parameters. Default is,
getOAuthRequestToken() - Creating Request Token Call
oa.getOAuthRequestToken({ /* … parameters … */ }, callback);
parameters
Object
Optional Additional Headers you might want to pass along.- If omitted, you can treat parameters argument as callback and pass along a function as a single parameter.
callback
Function
Anonymous Function to be invoked upon response or failure.
Example
oa.getOAuthRequestToken(function (error, oauth_token, oauth_token_secret, results) {
if (error)
return res.send('Error getting OAuth Request Token: ' + error, 500);
else
// Usually a redirect happens here to the /oauth/authorize stage
return res.send('Successfully Obtained Token & Secret: ' + oauth_token + ' & ' + oauth_token_secret, 200);
});
getOAuthAccessToken() - Creating OAuth Access Token Call
oa.getOAuthAccessToken(options, callback);
options
Object
oauth_verifier
String
Verification code tied to the Request Token. Section 2.3oauth_token
String
Request Tokenoauth_token_secret
String
Request Token Secret, used to help generation of signatures.parameters
Object
Optional Additional headers to be sent along with request.callback
Function
Optional Method to be invoked upon result, over-ridden by argument if set.
callback
Function
Anonymous Function to be invoked upon response or failure, setting this overrides previously set callback inside options object.
Example
oa.getOAuthAccessToken({
oauth_verifier: 'ssid39b',
oauth_token: 'request_key',
oauth_token_secret: 'request_secret'
}, function (error, token, secret, result) {
if (error)
return res.send('Error getting Auth Access Token: ' + error, 500);
else
// Usually you want to store the token and secret in a session and make your requests after this
return res.send('Successfully Obtained Token & Secret: ' + token + ' & ' + secret, 200);
});
getXAuthAccessToken() - Creating XAuth Access Token Call
oa.getXAuthAccessToken(username, password, callback);
username
String
XAuth Username credentials of User obtaining a token on behalf ofpassword
String
XAuth Password credentials of User obtaining a token on behalf ofcallback
Function
Anonymous Function to be invoked upon response or failure.
Example
oa.getXAuthAccessToken('nijikokun', 'abc123', function (error, oauth_token, oauth_token_secret, results) {
if (error)
return res.send('Error getting XAuth Access Token: ' + error, 500);
else
// Usually you want to store the token and secret in a session and make your requests after this
return res.send('Successfully Obtained Token & Secret: ' + oauth_token + ' & ' + oauth_token_secret, 200);
});
Request Methods
oa.post(options, callback);
oa.get(options, callback);
oa.delete(options, callback);
oa.patch(options, callback);
oa.put(options, callback);
// Alternatively, you can use the old node-oauth style: (Where method is one of five above.)
oa.method(url, oauth_token, oauth_token_secret, body, type, parameters, callback);
options
Object
Contains Request Informationurl
String
URL to be requested uponoauth_token
String
Optional; Dependant upon request step, could be access, or request token.oauth_token_secret
String
Optional; Dependant upon request stepbody
String
Optional; Body information to be sent along with request.type
String
Optional; Content Request Typeparameters
Object
Optional; Additional headers you wish to pass along with your request.callback
Function
Optional; Method to be invoked upon result, over-ridden by argument if set.
callback
Function
Method to be invoked upon result, over-rides options callback.
Using OAuth2:
var OAuth2 = require('mashape-oauth').OAuth2;
var oa = new OAuth2({ /* … options … */ }, callback);
options
Object
OAuth Request OptionsclientId
String
Client IdentifierclientSecret
String
Client SecretbaseUrl
String
Base url of OAuth requestauthorizationUrl
String
Optional; Authorization endpoint, default is/oauth/authorize
authorizationMethod
String
Optional; Authorization Header Method, default isBearer
accessTokenUrl
String
Optional; Access Token Endpoint, default is/oauth/access_token
accessTokenName
String
Optional; Access Token Parameter Name, default isaccess_token
headers
Object
Optional; Custom headers we wish to pass along